Smishing/Phishing

Smishing is a form of social engineering, a tactic used by bad actors looking for ways to access and steal our data via text message.

Phishing, like smishing, is also a form of social engineering, but it is carried out via email instead of text message.

In the infographics, you can see how scammers may impersonate people you know, like colleagues, directors, or deans. But they can assume various other identities. Some crafty scammers might even pose as friends, relatives, or company representatives, like Anti-Virus or Microsoft agents.

Remember, legitimate companies like Microsoft and Apple won't request your info via email or text, or warn you about your Rutgers email expiring.

If you have doubts about an email or text, it's wise to contact the sender directly if you're familiar with them.

  

Fraudulent DUO Alerts

Picture this scenario. You are at home, enjoying a wonderful beverage of your choice while watching a program or reading the latest academic article. You suddenly get an unsolicited DUO Push notification on your phone or tablet. You might find yourself thinking, "That is odd," since you aren't currently trying to log into a Rutgers site or service. So, why are you receiving a notification? Do not APPROVE it in this scenario; DENY IT and reach out to OIT (833-648-4357) as soon as you are able to. I would also suggest changing your NetID password in this instance!

Here is an infographic that reiterates the steps to take when you receive one.

 

Build a Strong Password

I want to emphasize the importance of strong passwords. While some of you may already be familiar with this topic, it's crucial for others who may find it informative. Password security is a vital defense against unauthorized access to essential systems, services, and data. At Rutgers, our NetID is linked to various crucial services like email, payroll, and benefits, making it imperative that we maintain robust NetID passwords.

Beyond Rutgers, we all manage numerous login credentials for services like banking, cable, internet, and more. It's common to face the challenge of creating and remembering passwords for these accounts. While it can be frustrating, it's essential to avoid using the same password for everything.

To enhance our security, we must resist the temptation of having a single, go-to password for all accounts. This practice is critical for safeguarding our financial information, personal identities, and access to various services, whether they're work-related or part of our daily lives. To help with password management, I have some tips to share:

  

To create memorable passwords:

  • Use phrases, like "carbsforlife." If a system allows spaces, your password can look like this: "carbs for life." Tailor complexity to system requirements, like "Carbs4LIFE!"
  • Avoid single words combined with a single number, e.g., "Password1," as they're vulnerable to dictionary attacks.
  • Don't use easily accessible personal information. If friends and family can find it, so can malicious actors.

Consider password management solutions:

  • Explore password management platforms or password vaults. I use 1Password, available at https://1password.com/
  • Password managers help generate, store, and autofill passwords on all your devices.
  • They can be installed in your browser and on Android/iOS devices.
  • Many options offer a free trial and a variety of plans; some even have family plans.
  • Other password managers like LastPass and KeePass are available, but research before choosing one.

 

Juice Jacking

"Juice jacking" is when hackers use public charging stations to steal your data, injecting malicious code into the station to access and steal data from your mobile devices or track them. Here are some tips to help prevent juice jacking while traveling:

  1. Avoid sensitive transactions on public Wi-Fi; use trusted connections.
  2. Keep software updated to prevent security vulnerabilities.
  3. Bring your charger or portable battery for secure device charging.
  4. Turn off Bluetooth when not in use to reduce hacking risks.
  5. Don't leave devices unattended, even briefly.
  6. Beware of shoulder surfers accessing your personal data. (A shoulder surfer is an ill-intentioned person looking over your shoulder with the hopes of peeking at some sensitive data.)

 

Online Shopping Tips

Ensure you're on a reputable site that uses HTTPS. Be cautious as some websites aim to steal your information. Don't impulsively click on Google or Bing links when searching for that perfect gift.

 

Say NO to Remote Sessions with Strangers

Engaging in remote sessions with strangers can pose risks to your privacy and security. Sharing personal information or accessing sensitive data during these sessions might lead to unintended consequences, such as data breaches or identity theft.

If you find yourself in a situation where you can't get in touch with us (e.g., you're travelling abroad), then it is crucial to:

  • Vet and Verify: Before engaging in any remote sessions, conduct thorough research on the individual or organization. Check their credentials, reviews, and legitimacy.

It is strongly recommended that you reach out to your department's IT team regarding concerns related to your computer or other devices. 

 

Cyber Security Class recommendations

  1. Learning Mobile Device Security: Build safe habits for mobile devices to reduce risks and protect your privacy.
  2. Securing Your Home Office: Master remote work security, covering work vs. personal use, physical security, Wi-Fi, and more.
  3. Cybersecurity in workplace: Enhance your cybersecurity knowledge, safeguarding data from threats like malware and social engineering.
  4. Security Tips: Access short, 2–3-minute videos on various topics for home and workplace information security.